Practice Guide Trade Secrets Act

Trade Secrets Act: effectively protecting knowledge within the company

What do Coca-Cola, Kentucky Fried Chicken and WD-40 have in common? Their recipes are among the best-kept trade secrets in the world. Almost every company has secrets worth protecting - from its own price calculations to customer lists and technical innovations. Since 2019, the German Trade Secrets Act (GeschGehG) has regulated how companies can legally protect this valuable information. However, legal protection only applies if companies take action themselves. This guide shows what a trade secret is, what protective measures you need to take and what role your employees play in this.

These are trade secrets

A trade secret protects the valuable knowledge of a company. This includes, for example, technical drawings, recipes, customer lists, marketing strategies, production methods or price calculations. For information to be considered a trade secret, it must meet three central criteria:

  • It must not be publicly known.
  • It must have an economic value.
  • It must be secured by suitable protective measures.

One example: Only a few Haribo employees know the recipe for the gummy bears. The exact composition is a trade secret and is closely guarded. For over 100 years, the recipe has ensured the unmistakable taste of the products - and the success of the company.

Trade Secrets Act: regulations and areas of application

Since 2019, the Trade Secrets Act, also known colloquially as the Trade Secrets Protection Act, has strengthened the position of companies wishing to protect their valuable information. It transposes the European Know-how Protection Directive into German law and thus creates an independent law for the protection of trade secrets for the first time. The Trade Secrets Protection Act clearly defines what a trade secret is and when it is breached. The law also provides companies with effective tools to take action against industrial espionage and betrayal of secrets. Protection is mandatory for everyone: from freelancers to limited liability companies and corporations. Anyone who legally uses third-party trade secrets, for example through a license, also enjoys this protection.

Trade secret protection vs. data privacy: what's the difference?

Do not confuse the protection of trade secrets with data protection. The General Data Protection Regulation (GDPR) protects people's privacy - i.e. their personal data such as name, address or account details. The GeschGehG, on the other hand, protects a company's commercially valuable information. The two can overlap: a customer list, for example, is both a trade secret because of its economic value and a data protection matter because of the personal data it contains.

Obtaining trade secrets: permitted and punishable acts

The Trade Secrets Protection Act makes a clear distinction between permitted and prohibited ways of obtaining trade secrets. According to the GeschGehG, independent discovery and development is permitted. For example, employees may buy a competitor's product and investigate how it works. Anyone who comes up with a solution themselves through observation, research and testing (reverse engineering) is also acting legally. Employees may also continue to use their professional experience and skills after changing jobs. 

On the other hand, all methods that rely on deception or criminal acts are prohibited. These include:

  • hacking company computers
  • copying confidential documents
  • bribing employees
  • photography in protected production areas
  • intercepting conversations
  • the unauthorized use of stolen information

A concrete example: A sales employee may take knowledge acquired about successful sales strategies into their next employment relationship. However, they may not copy their old employer's secret customer list and take it with them - this is a violation of the GeschGehG.

Good to know

The handling of accidentally obtained trade secrets is also regulated: Anyone who accidentally gains access to confidential documents must return or destroy them. This applies, for example, if confidential documents end up in the wrong mailbox due to an unfortunate coincidence.

Possible confidentiality measures for companies

The legal protection of the GeschGehG only applies if you take action yourself. You must take measures to prevent the intentional or unintentional disclosure of confidential information. If you leave confidential information on your desk or do not secure it with technical measures, you cannot later invoke the protection of confidentiality. The good news is that simple confidentiality measures are often sufficient to ensure the necessary protection. Without these measures, you cannot take legal action against the perpetrator in the event of theft or betrayal.

The Trade Secrets Act requires appropriate confidentiality measures to be taken. The measures are divided into these three areas:

  • organizational
  • technical
  • legal

The scope depends on the importance of the information - the more valuable the secret, the more extensive the protective measures must be.

Organizational protective measures

Organizational measures start with clear responsibilities: determine who has access to what information. Confidential documents belong in locked cabinets, and sensitive areas need access controls. Visitors should never be allowed to walk through production unaccompanied. A clean desk policy - removing sensitive business information such as documents, USB sticks or business cards from the desk every day - also protects against a breach of the GeschGehG. Organizational protective measures also include, for example, providing employees with comprehensive training.

Effectively protect valuable secrets

The training courses within the Compliance College are organizational protective measures that you can take to protect trade secrets.

Technical protective measures

Technical measures are based on modern IT security. These include, for example:

  • a firewall
  • secure passwords and two-factor authentication
  • encrypted data transmission
  • logging of access to sensitive data
  • protection against unauthorized copying
  • secure disposal of data carriers and documents

Legal protective measures

Legal measures start with the employment contract. Confidentiality agreements with employees, customers and business partners are essential for effective confidentiality and clearly regulate how they must handle confidential information. You must also specify which information is considered confidential - a blanket confidentiality clause is not enough.

Please note

The Trade Secrets Act does not specify in detail which specific protective measures a company must take. In the GeschGehG you will only find the wording: appropriate confidentiality measures.

Consequences of violations of the GeschGehG

Anyone who violates trade secrets must expect consequences. Not only the deliberate betrayal of secrets but also negligent disclosure has considerable legal and economic consequences. The law provides companies with effective tools to enforce their rights. The consequences can be both civil and criminal.

In the event of an infringement, you can immediately enforce a claim for injunctive relief. This means that the unlawful use must be stopped immediately. You can also demand that unlawfully obtained trade secrets be destroyed or handed over. The person who breaks the law must also pay compensation for the damage caused. Anyone who violates trade secrets risks a prison sentence of up to three years or a fine. In the case of commercial activity, there is even a risk of up to five years in prison.

Whistleblowing: The exception in the Trade Secrets Act

The law protects people who uncover unlawful acts or professional misconduct. Anyone who acts in good faith and reports grievances such as environmental violations, corruption or health hazards is not liable to prosecution. There is a clear order of priority: use internal channels, then involve the authorities and finally go public. However, the protection only applies if these persons uncover genuine grievances and do not deliberately damage the company.

Protecting trade secrets with training courses from the Compliance College

Even the best technical measures to protect your business secrets are of little use if employees do not know how to handle confidential information. This is where the Compliance College comes in. It combines legally compliant documentation with sustainable awareness-raising among employees - in a modern, digital way.

With the Compliance College, you can efficiently implement contractual protective measures such as confidentiality obligations and non-disclosure agreements. The interactive training courses on compliance, data privacy and IT security sensitize your employees to the protection of trade secrets in a practical way.

The advantages of the Compliance College at a glance

✓ Legally compliant documentation of all training courses and obligations

✓ Adaptive learning content that adapts to the level of knowledge

✓ Easy integration of e-learning into everyday working life

✓ Diverse formats from e-learning to gamification

✓ Multilingual content for international teams

✓ Minimal administrative effort thanks to automated processes

✓ Regular refresher courses possible

The protection of trade secrets only works if everyone participates. The Compliance College creates the basis for precisely this: your employees not only understand their duties, but also develop a real awareness of the value and handling of confidential information.

Protect your business secrets sustainably

Find out in a personal consultation how you can sensitize your employees to the protection of trade secrets and at the same time meet all legal requirements. Discover the possibilities of the Compliance College for your company.

Conclusion: Protecting trade secrets together

The protection of trade secrets is a comprehensive task that requires technical, organizational and legal measures. It is crucial that all levels of the company are involved. It is particularly important that your employees understand how to handle confidential information. Therefore, invest in regular training and an open communication culture.